GDPR is the General Data Protection Regulation (EU 2016/679). It was adopted on 27 April 2016 (so it is already law) and applies from 25 May 2018. It binds organisations established in the EU and any organisation outside the EU that offers goods or services to people in the EU or monitors their behaviour. There are real penalties for non-compliance:
- Administrative fines in two tiers: up to €10,000,000 or 2% of worldwide annual turnover for the lower tier, and up to €20,000,000 or 4% of worldwide annual turnover for the most serious contraventions (such as breaching the basic principles or data subjects' rights), whichever is the greater in each case. (If GDPR had been in effect, just one of Yahoo's recent data breaches could have led to a $198m fine!)
- Criminal sanctions, including potential imprisonment for company directors, are left to member-state law (Article 84 lets each member state lay down additional penalties), so exposure varies by country.
The aims
GDPR aims to standardise data protection law across the EU, replacing the outdated and inconsistently implemented Data Protection Directive of 1995, written when technology and data usage were very different. Under GDPR, EU data subjects have eight core rights (more on those in a future briefing).
There is now a legal definition of a 'personal data breach' (Article 4(12)) and rules governing what happens when one occurs: the supervisory authority must normally be notified within 72 hours of becoming aware of it, and affected individuals must be told where the breach is likely to put their rights and freedoms at high risk. The penalty framework above is what enforces this.
The implications
You won't be able to continue to market in the same way. If you rely on consent, it must be freely given, specific, informed and unambiguous, and you must be able to demonstrate that it was given (Article 7); pre-ticked boxes and silence no longer count. Consent is only one of the lawful bases for processing, but it is the one most marketing databases currently depend on. And there is much more besides...
We don't want to cover too much in any one article, and our focus will increasingly be on how to thrive under GDPR. For now, know that you have to take it seriously and begin preparing immediately.
This article is for information only and is not intended to be legal advice on this matter. If you have specific questions on how this may affect your organisation then you should consult a legal professional.